Wind River Support Network

HomeSafety and Security NoticesWind River Security Vulnerability Notice: CVE-2018-8897 for linux kernel
Recommended

Wind River Security Vulnerability Notice: CVE-2018-8897 for linux kernel

Released: May 8, 2018     Updated: May 8, 2018

Summary

Wind River Security Vulnerability Notice: CVE-2018-8897

Affected Product Versions

Wind River Linux LTS 17, Wind River Linux 9, Wind River Linux 6, Wind River Linux 7, Wind River Linux 8

Downloads

Description

Due to a flaw in the Linux kernel's exception handling, on IA (Intel Architecture), certain instructions that delay exception generation may trigger memory corruption or other similar symptoms. This happens when using instructions such as MOV SS or POP SS followed by a SYSCALL, INT3 or similar.

An unprivileged system user could use this flaw to crash the Linux kernel resulting in a Denial of Service issue. CVE-2018-8897

Installation Notes

Installation for WRLinux LTS-17/9/8/7/6

Please update to the latest RCPL for all products.

1) Wind River Linux LTS-17
$ bitbake linux-yocto -c devshell
$ git am related-kernel-source-patch.patch
$ make bzImage

2) Wind River Linux 9/8/7/6
$ bitbake linux-windriver -c devshell
$ git am related-kernel-source-patch.patch
$ make bzImage
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube